Upgraded NIST PIV Standards Boost Security and Interoperability

Published Date: 25/07/2024

NIST updates PIV standards to align with FIPS 201 revisions, introducing new security features and deprecating authentication mechanisms

"The National Institute of Standards and Technology (NIST) has recently updated its Personal Identity Verification (PIV) standards to align with the revised Federal Information Processing Standard (FIPS) 201, which sets the standards for PIV credentials, including PIV Cards.

The updated NIST Special Publication (SP) 800-73-5, Parts 1–3, focuses on the technical specifications for using PIV Cards. Notable changes include the removal of the deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and the deprecation of the SYM-CAK and Visual (VIS) authentication mechanisms. An optional one-factor secure messaging authentication mechanism (SM-Auth) has been introduced for facility access applications. Additionally, the use of facial image biometrics has been expanded for general authentication via the BIO and BIO-A authentication mechanisms.

The revised SP 800-73-5 also introduces an optional Cardholder identifier in the PIV Authentication Certificate, which identifies a PIV credential holder within their PIV credential set issued during eligibility. Furthermore, it imposes restrictions on the number of consecutive activation retries for both PIN and On-Card Comparison (OCC) attempts, limiting them to 10 or fewer.

NIST SP 800-78-5, which addresses Cryptographic Algorithms and Key Sizes for Personal Identity Verification, has also been updated. Key updates include the deprecation of certain Triple Data Encryption Algorithm (3TDEA) identifiers and the removal of the retired Random Number Generator (RNG) from Cryptographic Algorithm Validation Program (CAVP) PIV component testing. Additionally, the retired FIPS 186-2 key generation method has been removed from CAVP PIV component testing where applicable.

The updates to SP 800-78-5 also include the accommodation of the Secure Messaging Authentication key and updates to Section 3.1 and Table 1 to reflect the inclusion of higher strength keys with at least 128-bit security, which will be required for authentication starting in 2031.

The revisions by NIST aim to enhance the security and interoperability of PIV credentials and the systems that use them. By aligning SP 800-73-5 and SP 800-78-5 with the updated FIPS 201, NIST is continuing to support the secure identification and authentication needs of federal agencies that rely on PIV credentials.

Information

The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and advance technology to improve the lives of Americans.

Facetec is a global identity management company that provides advanced biometric solutions for secure identification and authentication."

FAQs:

"Q: What is the purpose of the PIV standards update?

A: The purpose of the update is to align with the revised FIPS 201 standards and enhance the security and interoperability of PIV credentials and the systems that use them.

Q: What is the Cardholder Unique Identifier (CHUID) authentication mechanism?

A: CHUID is an older method of identifying someone using a unique number on their card, which has been deprecated in the updated PIV standards.

Q: What is the Secure Messaging Authentication key?

A: The Secure Messaging Authentication key is a new key introduced in the updated SP 800-78-5 to accommodate secure messaging authentication.

Q: What is the impact of the updated PIV standards on federal agencies?

A: The updated PIV standards will enhance the security and interoperability of PIV credentials and the systems that use them, supporting the secure identification and authentication needs of federal agencies that rely on PIV credentials.

Q: What is the role of NIST in promoting security and innovation?

A: NIST is a non-regulatory agency of the United States Department of Commerce that promotes innovation and advances technology to improve the lives of Americans, including promoting security and innovation in the field of identity verification and authentication."
